The term “cloud computing” puts both giddiness and fear in the hearts of IT managers around the world. Adopting cloud-based services gives organizations many benefits, but it also opens them up to many risks and vulnerabilities.
Securing the cloud will be one of the biggest challenges for network managers as more companies adopt services, such as storage for rent, software as a service, virtual IT and application hosting. The concept of protecting data-at-rest versus data-in-motion comes into play, forcing organizations to examine various security mechanisms to secure their data while it's stored or circulated in the cloud and when it's brought back to the network proper.
These challenges include application control, encryption, SSL inspection, data leakage protection and anti-virus. Data while at rest in the cloud may be protected in a lock-and-key manner to prevent unauthorized access, but infected data is not necessarily cleansed in the cloud.
To guard against any data loss of confidential projects for data stored in the cloud, IT administrators must ensure the vendor has an access control security policy and that data cannot be leaked. As well, regulatory compliance considerations need to be evaluated as part of the cloud-vendor selection criteria.
When it comes to data in transit, administrators should ensure the network security solution can inspect application content for malware, determine whether or not it is encrypted, and make certain it can look for threats as data enters and leaves the network.
When it comes to data in use, ensure the vendor provides adequate protection so that data is clean of malware and that co-located content is not infected if malware is present.
It's also vital to ensure that appropriate client security controls are in place so that data downloaded from cloud-based services is not infected and carried into the network or back into the cloud.